CVE-2014-6427
wireshark: RTSP dissector crash (wnpa-sec-2014-17)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
Error de superación de límite (off-by-one) en la función is_rtsp_request_or_reply en epan/dissectors/packet-rtsp.c en el diseccionador RTSP en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado que provoca analizar un token localizado una posición más allá de la posición actual.
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-16 CVE Reserved
- 2014-09-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://linux.oracle.com/errata/ELSA-2014-1676 | X_refsource_confirm | |
| http://secunia.com/advisories/60280 | Third Party Advisory | |
| http://secunia.com/advisories/60578 | Third Party Advisory | |
| http://secunia.com/advisories/61929 | Third Party Advisory | |
| http://www.wireshark.org/security/wnpa-sec-2014-17.html | X_refsource_confirm | |
| https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381 | X_refsource_confirm | |
| https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=73959159dbf34b4a0b50fbd19e05cb1b470be9b0 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html | 2023-11-07 | |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-1676.html | 2023-11-07 | |
| http://www.debian.org/security/2014/dsa-3049 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2014-6427 | 2014-10-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1142604 | 2014-10-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.0 Search vendor "Wireshark" for product "Wireshark" and version "1.10.0" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.1 Search vendor "Wireshark" for product "Wireshark" and version "1.10.1" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.2 Search vendor "Wireshark" for product "Wireshark" and version "1.10.2" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.3 Search vendor "Wireshark" for product "Wireshark" and version "1.10.3" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.4 Search vendor "Wireshark" for product "Wireshark" and version "1.10.4" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.5 Search vendor "Wireshark" for product "Wireshark" and version "1.10.5" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.6 Search vendor "Wireshark" for product "Wireshark" and version "1.10.6" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.7 Search vendor "Wireshark" for product "Wireshark" and version "1.10.7" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.8 Search vendor "Wireshark" for product "Wireshark" and version "1.10.8" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.10.9 Search vendor "Wireshark" for product "Wireshark" and version "1.10.9" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.12.0 Search vendor "Wireshark" for product "Wireshark" and version "1.12.0" | - |
Affected
| ||||||